name: Update CA certificate bundle on: workflow_dispatch: schedule: - cron: "5 2 * * *" jobs: update-ca-certificate-bundle: runs-on: ubuntu-latest strategy: fail-fast: false matrix: branches: ["master", "stable27", "stable26", "stable25", "stable24", "stable23", "stable22"] name: update-ca-certificate-bundle-${{ matrix.branches }} steps: - uses: actions/checkout@v3 with: ref: ${{ matrix.branches }} submodules: true - name: Download CA certificate bundle from curl run: curl --etag-compare build/ca-bundle-etag.txt --etag-save build/ca-bundle-etag.txt --output resources/config/ca-bundle.crt https://curl.se/ca/cacert.pem - name: Create Pull Request uses: peter-evans/create-pull-request@v3 with: token: ${{ secrets.COMMAND_BOT_PAT }} commit-message: "fix(security): Update CA certificate bundle" committer: GitHub author: nextcloud-command signoff: true branch: automated/noid/${{ matrix.branches }}-update-ca-cert-bundle title: "[${{ matrix.branches }}] fix(security): Update CA certificate bundle" body: | Auto-generated update of CA certificate bundle from [https://curl.se/docs/caextract.html](https://curl.se/docs/caextract.html) labels: | dependencies 3. to review